[Tutor] Parsing email headers
Jim
jf_byrnes at comcast.net
Sun Apr 26 20:36:45 EDT 2020
On 4/26/20 6:24 PM, Cameron Simpson wrote:
> On 26Apr2020 16:13, jim <jf_byrnes at comcast.net> wrote:
>> OS = linux Mint 18,xx
>>
>> This may be a little OT, as I am as interested in the process leading
>> up to parsing the header as I am in the results of parsing it.
>>
>> What I want to do is figure out where an email came from without
>> actually opening it. We all get possible malicious emails. Some are
>> obvious but some look pretty real. Many times the From line just says
>> "Google" or "Chase", etc. I wrote a little bare bones script that
>> will print out the From:, Return-Path: and the Sender: names from the
>> header.
>
> Python has a pretty full email parsing library. Trite example assuming
> you have the message in a file:
>
> import email
> with open(email_message_file) as f:
> message = email.Parser.Parser(f)
>
> That gets you a Message object in "message", with ready access to the
> headers and many other facilities.
>
> You're probably interesting in the Received: headers (any of which may
> be forged of course).
>
> DL Neil has pointed you at the imap and pop libraries available if you
> want to write stuff to connect to your mailbox over the net.
I found that library and I found an example in the docs that looked like
someone wrote just for my use case.
I guess the bigger question for me is, am I being safer doing this or am
I just fooling myself. If the email was malicious and it was going to
drop a payload on me if I opened would doing what I outlined keep it
from happening?
Thanks, Jim
More information about the Tutor
mailing list